The Microsoft Threat Intelligence Podcast 11.1.23
Ep 5 | 11.1.23

Octo Tempest Threat Actor Profile

Show Notes

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Microsoft threat research experts to talk about the activities of a threat actor known as Octo Tempest (which overlaps with research associated with 0ktapus, Scattered Spider, and UNC3944) and the blog released by Microsoft threat intelligence and Microsoft incident response groups. The discussion covers various tactics, techniques, and procedures Octo Tempest employs, such as SIM swapping, SMS phishing, and living off the land rather than using traditional malware. Octo Tempest is portrayed as a highly bespoke and hands-on threat actor, often engaged in "keyboard-to-keyboard combat" and showing extreme persistence even after being detected. 

In this episode you’ll learn:      

  • Techniques used to modify email rules and evade defensive tools 
  • The contrast between tailored attacks and automated targeted threat actors  
  • Why organizations should separate high-privileged accounts from normal user accounts 

Some questions we ask:     

  • Is there an end game for OctoTempest, and is it always ransomware? 
  • What is the importance of assuming the first-factor password is already compromised? 
  • How can organizations test controls and alerting for their security posture? 


View Sherrod DeGrippo on LinkedIn 

Related Microsoft Podcasts:  


Discover and follow other Microsoft podcasts at  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of The CyberWire Network.